US Treasury claims Chinese hackers breached security in ‘major incident’

In a major international incident the US Treasury claims it has been compromised by a group of hackers backed by the Chinese government.

Reuters is reporting that Chinese state-sponsored hackers broke into the US Treasury Department this month and stole documents from its workstations, according to a letter to lawmakers.

The hackers reportedly compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said, calling it a “major incident.”

According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” Reuters reports.

The Treasury Department said it was alerted to the breach by BeyondTrust on December 8 and that it was working with the US Cybersecurity and Infrastructure Security Agency and the FBI to assess the hack’s impact.

The FBI did not immediately respond to Reuters’ requests for comment, while CISA referred questions back to the Treasury Department.

A spokesperson for the Chinese Embassy in Washington did not immediately respond to a request for comment. Beijing routinely denies responsibility for cyberespionage incidents.

Tom Hegel, a threat researcher at cybersecurity company SentinelOne, said it appeared the security incident described by BeyondTrust aligns closely with the reported hack at Treasury, although he cautioned that the company itself would need to confirm any connection.

“This incident fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services — a method that has become increasingly prominent in recent years,” he said.